ruby4.0-rubygem-actiontext-8.0-8.0.3-1.3 on GA media (moderate)
ruby4.0-rubygem-actiontext-8.0-8.0.3-1.3 on GA media Announcement ID: openSUSE-SU-2026:10339-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in...
OPENSUSE-SU-2026:10339-1 ruby4.0-rubygem-actiontext-8.0-8.0.3-1.3 on GA media
These are all security issues fixed in the ruby4.0-rubygem-actiontext-8.0-8.0.3-1.3 package on the GA media of openSUSE Tumbleweed...
Basecamp: Improper Access Control in `fizzy.do` import flow allows cross-tenant ActionText reference resolution and data disclosure
The vulnerability allowed for cross-tenant ActionText reference resolution and data disclosure during the account import flow. The import process did not properly verify the ownership of the referenced records before minting signed global IDs, enabling an attacker to access and disclose data from...
ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 on GA media (moderate)
ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15111-1 Rating: moderate Cross-References: CVE-2024-34341 CVE-2024-47888 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all securit...
GHSA-W8GC-X259-RC7X rails-html-sanitize has XSS vulnerability with certain configurations
Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri = 1.16.8. Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5...
ruby3.3-rubygem-actiontext-7.0-7.0.8.6-1.1 on GA media (moderate)
ruby3.3-rubygem-actiontext-7.0-7.0.8.6-1.1 on GA media Announcement ID: openSUSE-SU-2024:14473-1 Rating: moderate Cross-References: CVE-2024-47888 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed ...
OPENSUSE-SU-2024:14473-1 ruby3.3-rubygem-actiontext-7.0-7.0.8.6-1.1 on GA media
These are all security issues fixed in the ruby3.3-rubygem-actiontext-7.0-7.0.8.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:14068-1 ruby3.3-rubygem-actiontext-7.0-7.0.8.4-1.1 on GA media
These are all security issues fixed in the ruby3.3-rubygem-actiontext-7.0-7.0.8.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11822-1 ruby3.1-rubygem-actiontext-6.0-6.0.4.4-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-actiontext-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11319-1 ruby2.7-rubygem-actiontext-6.0-6.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-actiontext-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
Internet Bug Bounty: [CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML
CVE-2024-32464 ActionText ContentAttachment's can Contain Unsanitized HTML Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag were discovered to potentially contain unsanitized HTML. This vulnerability was assigned the CVE identifier CVE-2024-32464. Versions...
Cross-site Scripting (XSS)
actiontext is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the lack of sanitization of HTML content within instances of ActionText::Attachable::ContentAttachment included in a richtextarea tag, which results in unsanitized HTML rendering...
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...
GHSA-PRJP-H48F-JGF6 ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...
Cross-site Scripting (XSS)
Overview actiontext is a package to edit and display rich text in Rails applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS within the Trix editor via ActionText::Attachable::ContentAttachment in the richtextarea tag. An attacker can introduce malicious...
CVE-2024-32464
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...
CVE-2024-32464 ActionText ContentAttachment can Contain Unsanitized HTML
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...